Skip to main content

Microsoft Windows MFC Document Title Updating Buffer Overflow Vulnerability ( 13 October 2010 )

Last Update Date: 28 Jan 2011 Release Date: 13 Oct 2010 5426 Views

RISK: Medium Risk

A remote code execution vulnerability exists in the way that window titles are managed in applications written using the Microsoft Foundation Class (MFC) Library. While the vulnerability is located in MFC and is present on affected operating systems, it can only be exploited if a remote attacker can influence the window title of any window in an MFC application. An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the current user.